堆栈内存溢出
  简体   繁体   English

PKCS11机制差异+ JAVA

[英]PKCS11 Mechanisms difference + JAVA

 原文  2013-02-21 13:11:20       java/ digital-signature/ public-key-encryption/ pkcs#11

问题描述

I'm implementing functions with PKCS11 mechanisms - CKM_RSA_PKCS and CKM_RSA_X_509. 我正在使用PKCS11机制实现功能-CKM_RSA_PKCS和CKM_RSA_X_509。 I know that both are implemented in Botan C++ library, but I have to find equivalents in Java. 我知道两者都是在Botan C ++库中实现的,但是我必须在Java中找到等效项。 Second problem is what's the difference between both of them? 第二个问题是两者之间有什么区别?

1 个解决方案

解决方案1
 4  2013-02-22 18:14:50

CKM_RSA_PKCS refers to the PKCS#1 v1.5 standard (see RFC3447 ) for RSA encryption and digital signatures. CKM_RSA_PKCS指用于RSA加密和数字签名的PKCS#1 v1.5标准(请参阅RFC3447 )。 In Java JCE, it is typically the default choice for RSA. 在Java JCE中,它通常是RSA的默认选择。

  • For digital signatures, pass "MD5WithRSA" , "SHA1WithRSA" , etc to Signature.getInstance() 对于数字签名, 请将“ MD5WithRSA”“ SHA1WithRSA”等传递给Signature.getInstance()
  • For encryption, pass "RSA/None/PKCS1Padding" to Cipher.getInstance() . 为了进行加密, 请将“ RSA / None / PKCS1Padding”传递给Cipher.getInstance()

CKM_RSA_X_509 refers to the textbook (or raw) RSA algorithm, that is, the one where no padding is defined. CKM_RSA_X_509是指教科书(或原始)RSA算法,即未定义填充的算法。 In this case, you can simply pass "RSA/None/NoPadding" to Cipher.getInstance() . 在这种情况下,您只需将“ RSA / None / NoPadding”传递给Cipher.getInstance() Signature can be done with decryption, wheres verification can be done with encryption (followed by comparison). 签名可以通过解密来完成,而验证可以通过加密来完成(随后进行比较)。

I would avoid implementing and using raw RSA though, unless you have specific use cases in mind. 但是,除非您有特定的用例,否则我将避免实施和使用原始RSA。 PKCS#1v 1.5 signatures are more secure. PKCS#1v 1.5签名更安全。 For enciphering though, I wouldn't actually recommend to use either of them, because they are both unsecure. 对于加密,我实际上不建议使用它们中的任何一个,因为它们都不安全。 It's better to rely only on PKCS#1 OAEP ( CKM_RSA_PKCS_OAEP ); 最好仅依赖PKCS#1 OAEP( CKM_RSA_PKCS_OAEP ); for that, you pass "RSA/None/OAEPWithSHA1AndMGF1Padding" to Cipher.getInstance() . 为此,请将“ RSA / None / OAEPWithSHA1AndMGF1Padding”传递给Cipher.getInstance()

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java-PKCS11和MSKeyStore - Java - PKCS11 and MSKeyStore 在64位JAVA上支持PKCS11 - Support for PKCS11 on 64 bit JAVA 一个很好的免费库,用于java中的PKCS11 - A good free library for PKCS11 in java java中的pkcs11 cmac计算 - pkcs11 cmac calculation in java PKCS#11 PKCS11 dll - PKCS#11 PKCS11 dll 通过不带pkcs11的智能卡在Java中签名文档 - Signing documents in java via smartcard without pkcs11 认证链只包含一个位置——Java & PKCS11 - Certification chain contains only one position - Java & PKCS11 带有PKCS11提供程序HSM的JAVA XML签名 - JAVA XML Signature with PKCS11 provider HSM java.security.KeyStoreException:找不到PKCS11 - java.security.KeyStoreException: PKCS11 not found 使用Java keytool的PKCS11格式密钥 - PKCS11 format key using Java keytool
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM